I'm trying to decrypt all of my ssh logs (in order to give them reasonable tags with logstash). But I have found one case that I don't really understand:
Oct 23 07:43:47 sshd[59830]: Connection from 74.194.6.5 port 60126 on 213.67.100.148 port 22
Oct 23 07:43:51 sshd[59830]: error: maximum authentication attempts exceeded for root from 74.194.6.5 port 60126 ssh2 [preauth]
Oct 23 07:43:51 sshd[59830]: Disconnecting authenticating user root 74.194.6.5 port 60126: Too many authentication failures [preauth]
How can it reach the maximum authentication attempts without giving any sign of an authentication attempt?
Usually I get things like the following before the "maximum auth..." row appears:
Oct 23 08:54:06 sshd[62392]: Failed keyboard-interactive/pam for [...]
Oct 23 08:52:41 sshd[49690]: Failed publickey for [...]
But not always.
Please note, I don't have problems logging in.
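
Added example, not part of the original post: one way to tag the case described above is to correlate lines by the sshd PID in brackets and flag sessions that hit the maximum-attempts error with no "Failed ..." line. It assumes one PID per connection, as in the quoted lines; the tag names and the function `tag_sessions` are hypothetical.

```python
import re
from collections import defaultdict

# Log lines quoted in the post (the two "Failed ..." lines are truncated there with "[...]").
# They carry no hostname field; adjust LINE if your syslog format includes one.
SAMPLE = """\
Oct 23 07:43:47 sshd[59830]: Connection from 74.194.6.5 port 60126 on 213.67.100.148 port 22
Oct 23 07:43:51 sshd[59830]: error: maximum authentication attempts exceeded for root from 74.194.6.5 port 60126 ssh2 [preauth]
Oct 23 07:43:51 sshd[59830]: Disconnecting authenticating user root 74.194.6.5 port 60126: Too many authentication failures [preauth]
Oct 23 08:54:06 sshd[62392]: Failed keyboard-interactive/pam for [...]
Oct 23 08:52:41 sshd[49690]: Failed publickey for [...]
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
FAILED = re.compile(r"^Failed (?P<method>\S+) for ")
MAXED = re.compile(r"^error: maximum authentication attempts exceeded for "
                   r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def tag_sessions(text):
    """Group lines by sshd PID and return {pid: summary dict with a hypothetical 'tag'}."""
    sessions = defaultdict(lambda: {"failed_methods": [], "maxed": False,
                                    "user": None, "ip": None})
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an sshd line in the expected format
        s = sessions[int(m["pid"])]
        msg = m["msg"]
        if (f := FAILED.match(msg)):
            s["failed_methods"].append(f["method"])
        elif (x := MAXED.match(msg)):
            s.update(maxed=True, user=x["user"], ip=x["ip"])
    for s in sessions.values():
        if s["maxed"] and not s["failed_methods"]:
            s["tag"] = "ssh_max_auth_no_failed_lines"   # the case asked about
        elif s["maxed"]:
            s["tag"] = "ssh_max_auth_after_failures"
        elif s["failed_methods"]:
            s["tag"] = "ssh_auth_failures"
        else:
            s["tag"] = "ssh_other"
    return dict(sessions)

if __name__ == "__main__":
    for pid, s in sorted(tag_sessions(SAMPLE).items()):
        print(pid, s["tag"], s["user"], s["ip"], s["failed_methods"])
```
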